Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes Intelligence agency GCHQ has just accredited six UK universities to teach Master's degrees in online security that meet the intelligence agency's "stringent criteria." From the press release: "The certification of six Master's degrees in Cyber Security was announced by Rt.Hon Francis Maude, Minister for the Cabinet Office, when he visited GCHQ today. This marks another significant step in the development of the UK's knowledge, skills and capability in all fields of Cyber Security as part of the National Cyber Security Programme. The National Cyber Security Strategy recognises education as key to the development of Cyber Security skills and, earlier in the year, UK universities were invited to submit their Cyber Security Master's degrees for certification against GCHQ's stringent criteria for a broad foundation in Cyber Security."

It's being accredited by GCHQ rather than designed or run, the university stipulates the course material, structure etc... GCHQ obviously felt that only the Masters level courses met their requirements (whatever they maybe) for accreditation. My Engineering degree was accredited by the IET, both Bachelors and Masters components but you didn't have to do the Masters if you wanted an accredited BEng so it is a bit unusual.

University in the UK is rapidly catching up with the US in terms of cost, I was amoung the first year of students who had to pay but it was only at £1000 per year. If I were to do my 5 year Masters in Computer Systems Engineering again now it would cost about £7000 for each of the 5 years (let's say $60000ish). They aren't typical loans however, government provided they charge a very low interest rate and are only paid back once you earn over a certain amount and increase in proportion to your salary. They do however survive bankruptcy and HMRC aren't known for writing debts off easily if you try skipping abroad etc...;-) It is written off at normal retirement age otherwise.

Excluding doctors or vets it's unusual to spend more than 3 years doing an undergraduate degree at university in the UK, very unusual doing more than 4 years for a Masters. I elected to do a foundation year of extra mathematics and goffing off with jet engines... as you do.

There are many similar programs in the US. Here it is called the National Centers of Academic Excellence progam [nsa.gov]. It is overseen by the NSA of course. No matter what you think of them, at least they do know what they are doing in the technical realm.

The Bachelor's programs in information assurance cover far, far more about security than CS ever could, but still it is often not enough. Proper security requires an understanding in depth of a wide number of systems. The two extra years really is necessary to just lay the foundation of a security professional. These programs are designed to fill a need that exists and the free market has not managed to fix. There are just too many people out there that think they know about security, or even have careers in security that have holes in their knowledge. In other fields of IT that is fine, but not security. It only takes one crack, one little misconfiguration, bad update, or missed red flag to have the whole house of cards crumble to the ground.

2 more years in college when 2 years + 2 years doing real IT work is a lot better for learning. A 4 year CS turns out people loaded holes in their knowledge.and 2 years of the ivory tower will give them even more skill gaps.

It depends who they want to get and why. If a gov needs a nations tops skills it kind of signals what tasks are expected in a public way.
Top people can be bought in as friends of friends with the right education and background.
Cyber Security Operations Centre was public in ~2010?
For other tasks they will cast a wide public net and skill people up in house.
It was the same with German in ww2, Russian before/after ww2, Ireland and Asian/African language needs now.
The public can follow along via what was

It's very unusual in the UK for a bachelors degree to be this specialised. There are some places that do a BSc in Game Design, but those subjects are a bit of a joke (ironically, many the course are typically not that bad, because they exist purely for marketing reasons and are 80% identical to the computer science degree, but with a few modules in things like 3D art). It's more common to do a BSc in a general field, like computer science or engineering and then a one-year MSc / MEng / MPhil in something a lot more specialised.

So the spy agency that admit s to (a) sharing data with the NSA, and (b) has pretty much admitted that it wants to be able to hack into any systems it wants in search of information, is now certifying information security courses that would, in theory, make their jobs harder...What can possibly go wrong?

Masters degree in Online Security, really? You might as well take a MS-something certification and call yourself a windows professional.

The most clueless people I've ever met working with IT, are those that work with the company's security. They have an exact set of rules to follow, and nothing else. They monitor their companies outgoing - ingoing data for certain things, and block certain services. They also have a strict policy on mobile devices, cellphones, USB-memory devices and usually give their employees their own...monitored...laptops, everything within a guaranteed controlled environment.

Except that "Guaranteed" part, because there are really no such thing as a guarantee within computer security, the only way to truly learn computer security is to practice hacking, thinking like a hacker, be a hacker and yes...have the same incentives as a cracker would have, and the fun a hacker would have solving new puzzles, breaking into new systems, learning every corner of that hardware inside out. You can't TEACH that at a school, heck...not even the most experienced hacker in the WORLD can teach ANYONE these things, there is so much...and you need to know everything from scratch, everything else is just being a well mannered script-kiddie that would be totally clueless if they received a "virus" that no one of their hardware/software systems could detect, simply because the programmer is so clever (we're talking hackers here, just in case you mistook a programmer for a programmer instead of a hacker, hint hint, wink wink and nudge nudge). And the reason they can't detect it, is because it's not been discovered yet. How can you teach that?!

Kids today don't even know what vectors are, they have NO clue how the bios work, gawd...I'm gonna grab myself a bag of popcorn and watch this freak show.

But then what you seem to forget is from new computers the BIOS has all but disappeared and has been replaced by something called UEFI.
You should update your knowledge starting by something like this [kubuntuforums.net]:

I agree you're not going to teach someone to be a hacker / cracker unless they have that innate talent and interest. That's true for a lot things. Athletics certainly involves some things that can't be taught. You CAN start with a strong, athletic kid who knows nothing about about football and TEACH him the game, the techniques, and the skills. Same thing with cracking. Starting with a cunning, devious kid who knows little about computers, you can teach them to look for unvalidated input, etc. the sa

Francis Maude (the minister setting this up) - "Through the excellent work of GCHQ, in partnership with other government departments, the private sector and academia, we are able to counter threats and ensure together we are stronger and more aware."

And if the spy agencies are the threat? Who will protect us from those who wish to protect us?

Perhaps the course will be teaching people how to evade the mass surveillance of GCHQ and their pals at the NSA? Seems unlikely!